package com.zzzzzz.account.signin;

import javax.annotation.Resource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
public class SigninController {

	@Resource
	private OnlineService onlineService;
	
	@RequestMapping(value="/login",method = RequestMethod.GET)
	public String login() {
		if(onlineService.isSignedIn()){
			return "account/users/home";
		}else{
			return "account/login";
		}
	}

	@RequestMapping(value="/login",method = RequestMethod.POST)
	public String fail(@RequestParam(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM) String userName, Model model) {
		model.addAttribute(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM, userName);
		return "account/login";
	}

    @RequestMapping("/logout")
    public String processLogout() {
		Subject currentUser = SecurityUtils.getSubject();
//		Session session = currentUser.getSession();
//		session.removeAttribute("currentUser");
		currentUser.logout(); //removes all identifying information and invalidates their session too.
        return "redirect:/";
    }
}
